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(57) Abstract 

The present invention is a system and a method for the use of a biometric feature as a key to grant access to a computer. The 
computer comprises a processor connected to a biometric sensor and a resource for operating the biometric sensor. TTie processor has a 
nonenabled state and an enabled state. In the nonenabled state the processor cannot execute applications loaded into memory from a hard 
drive. In the enabled state the processor can execute such applications. A user gains access to the computer and enables the processor 
by having a biometric feature input onto the computer using the biometric sensor. The resource that operates the biometric sensor then 
compares data representing the biometric feature to enrolled user data contained within the resource. If the data representing the biometric 
feature matches me enrolled user data then the resource switches the processor from the nonenabled state to the enabled state. If there is 
not a match then the processor remains in the nonenabled state. 
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INTEGRATED BIOMETRIC AUTHENTICATION FOR 
ACCESS TO COMPUTERS 

5 Related Art 

The invention relates to a system and method for the use of biometric 
features to control access to a system, and more particularly to a system and 
method for the use of biometric features to control access to a computer. 
Background of the Invention 

1 0 Controlling access to information and especially information stored on 

computers is a problem that people and organizations must confront on a daily 
basis. A variety of systems and methods are currently used to protect information 
and computers from unauthorized access or interference. The most common 
protection systems and methods include the use of a password which must be 

1 5 supplied by a user. 

A password based protection system or method depends on a piece of 
critical information, the password, for access to be gained to the information or 
computer. As long as the password is retained by the rightful user, access by 
others will be deterred. However, if the password is secured from the rightful 

20 owner whether by theft, fraud, duress, surveillance, or consent, someone other than 
the rightful user could obtain access to the information or computer. Additionally, 
for password based systems and methods longer passwords are harder for 
unauthorized users to guess, but they are also harder for authorized users to 
remember. 

25 Furthermore, in some password based protection systems or methods the 

password or the program implementing the password protection is stored on a mass 
storage device such as a hard disk drive in the computer. These password 
protection systems and methods can be circumvented by replacing the mass storage 
device with another one, inserting a computer program on the mass storage device 
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which when executed will inhibit operation of the password protection 
programming or which will allow access to the computer or the sensitive 
information stored on the computer. 

Therefore what is needed is a protection system and method which is based 
5 on critical information that is easily accessible to the authorized user, hard to steal, 
forge, or fabricate and which prevents the computer from executing programs or 
applications stored on a mass storage device connected to the computer 
Summary of the Invention 

In one embodiment of the present invention a biometric feature of a user's 

1 0 body serves as a key to grant access to a computer. In this embodiment the 

computer includes a biometric sensor, a processor, the processor being coupled to 
the biometric sensor, and a resource for operating the biometric sensor, the 
resource being coupled to the biometric sensor. 

The processor has an enabled state and a nonenabled state. In the enabled 

15 state, the processor has loaded an operating system into a memory coupled to the 
processor so that the processor can execute computer programs loaded into 
memory from a mass storage device such as a hard disk drive, a CD ROM or 
computer programs loaded from a source external to the computer such as the 
Internet. In the nonenabled state, the processor cannot execute commands as part 

20 of a computer program loaded into memory from a mass storage device or from an 
source external to the computer. 

The resource for operating the biometric sensor is initiated by a user input. 
A suitable user input includes the user operating a power switch to turn on the 
computer. In response to the user input, the resource operates the biometric sensor. 

25 The biometric sensor reads biometric information from the biometric sensor, the 
biometric information being input into the sensor as part of the user input. Any 
biometric information will suffice, including but not limited to a retinal image, a 
palm print, a signature, facial features, or a fingerprint In the case where a 
fingerprint is used, the biometric information read from the biometric sensor 

30 includes information representing a fingerprint. For a valid user input, which in 
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the present embodiment includes information representing a user fingerprint which 
corresponds to information representing a valid fingerprint stored in the computer, 
the resource changes the processor from the nonenabled state to the enabled state. 
In one embodiment of the invention the resource includes a basic input and output 
5 system (a "BIOS" program). A BIOS program in a traditional personal computer is 
a program stored in the computer in a nonvolatile memory, the BIOS memory, 
which typically begins operation once the computer is powered on and completes 
its operation by loading an operating system. In this embodiment, after the 
resource verifies that the user input includes a valid user input, the BIOS program 

10 is allowed to finish its operation and loads an operating system, enabling the 
processor to run computer applications or computer programs. In the present 
embodiment if the user input does not include a valid user input then the resource, 
the BIOS program in this embodiment, will not allow the computer to load an 
operating system. The processor thus remains in the nonenabled state and can not 

1 5 run computer programs stored on a mass storage device couple to the computer, 
and the computer cannot access information stored within the computer. 

Another embodiment of the present invention is a computer for integrated 
biometric access control comprising a processor, a biometric sensor coupled to the 
processor, a resource coupled to the biometric sensor that operates the biometric 

20 sensor, and a resource coupled to the processor that switches the processor from a 
nonenabled state to an enabled state after operation of the resource that operates the 
biometric sensor. In one aspect of the invention the enabled state of the processor 
includes an operating system loaded into a memory. In another aspect of the 
invention the enabled state of the processor includes loading a program from a 

25 mass storage device connected to the computer into a memory connected to the 
computer. In yet another aspect of the invention, the processor in the nonenabled 
state cannot load an operating system. 

In another embodiment of the invention, the resource that operates the 
biometric sensor includes a resource that reads data from the biometric sensor, 

30 wherein the data represents a biometric feature. In another aspect of the invention, 
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the resource that operates the biometric sensor includes a resource that stores 
enrolled user data. In still another aspect of the invention the resource that operates 
the biometric sensor includes a resource that compares the data from the biometric 
sensor to information stored in the computer. In another aspect of the invention if 
5 the data matches the information stored in the computer within predetermined 
limits, then the resource that switches the processor from the nonenabled state to 
the enabled state is allowed to switch the processor to the enabled state. In this 
aspect of the invention if the data does not match the information stored in the 
computer, then the resource that switches the processor from the nonenabled state 
10 to the enabled state is prevented from switching the processor into the enabled 

state. In one embodiment, the information stored in the computer includes enrolled 
user data. 

Still another embodiment of the invention comprises a processor, an 
internal bus, the internal bus being connected to the processor, and a biometric 

15 sensor, the biometric sensor being connected to the internal bus. In one aspect of 
the invention the biometric sensor includes a resource > that reads biometric 
information from the biometric sensor. In another aspect of the invention the 
biometric sensor includes a resource that operates the biometric sensor before 
loading an operating system. In yet another aspect of the invention the resource 

20 that operates the biometric sensor includes a resource that stores enrolled user data. 
In still another aspect of the invention, the resource that reads data from the 
biometric sensor includes a resource that automatically determines a set of default 
settings for the representing the biometric feature. 

In yet another aspect of the invention the resource that operates the 

25 biometric sensor includes a resource that compares the biometric information from 
the biometric sensor to information stored in the computer. In another aspect of the 
invention if the biometric information from the sensor matches the information 
stored in the computer within predetermined limits, then the resource that operates 
the biometric sensor before loading the operating system is allowed to load the 

30 operating system. In this aspect of the invention if the biometric information from 
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the sensor does not match the information stored in the computer, then the resource 
that operates the biometric sensor before loading the operating system is prevented 
from loading the operating system. 

Yet another embodiment of the invention is a method of integrated 
5 biometric authentication for access to a computer, the method comprising 

reading data representing a biometric feature, and attempting to authenticate the 
biometric feature before loading an operating system. 

Still another embodiment of the invention is a method of enrolling a user in 
an integrated biometric authentication system for access to a computer, the method 
10 comprising reading data representing a biometric feature and storing the data in a 
nonvolatile memory. In one aspect of the invention the nonvolatile memory 
includes a BIOS memory or a part of a BIOS memory. Yet another aspect of this 
embodiment of the invention comprises storing biometric authentication software 
in the nonvolatile memory. In still another aspect of this embodiment of the 
1 5 invention storing biometric authentication software in the nonvolatile memory 
includes storing a verification program in. the nonvolatile memory. 
Brief Description of the Figure 

Figure 1 depicts a computer in accordance with on embodiment of the 

invention. 

20 Figure 2 is a flowchart depicting the operating of one embodiment of the 

invention. A user's biometric information is read and compared to enrolled user 
data in order to determine if the user should be granted access to the computer. 

Figure 3 is a flowchart depicting the enrollment of users in an embodiment 
of the present invention. 
25 Figure 4 A depicts a general menu of a graphical user interface of an 

embodiment of the enrollment software of the invention. 

Figure 4B depicts a users menu of a graphical user interface of an 
embodiment of the enrollment software of the invention. 

Figure 5 depicts a computer with a BIOS memory in accordance with on 
30 embodiment of the invention. 
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Figure 6 depicts a memory allocation of a BIOS memory, extension in 
accordance with an aspect of the invention. 
Detailed Description 

The following description is presented to enable a person skilled in the art 
5 to make and use the invention, and is provided in the context of a particular 
application and its requirements. Various modifications to the disclosed 
embodiments will be readily apparent to those skilled in the art, and the general 
principles defined herein may be applied to other embodiments and applications 
without departing from the spirit and scope of the invention. Thus, the present 
1 0 invention is not intended to be limited to the embodiments disclosed, but is to be 
accorded the widest scope consistent with the principles and features disclosed 
herein. 

Figure 1 depicts an embodiment of the invention. Computer 100 includes a 
processor. Processor 102 is any type of processor such as a microprocessor, 

1 5 dedicated logic, a digital signal processor, a programmable gate array, a neural 
network, or a central processor unit implemented in any other technology. 
Processor 102 is coupled to internal bus 104. Although Figure 1 depicts processor 
102 being directly coupled to internal bus 104, processor 102 could be coupled to 
internal bus 104 through a bus controller. Internal bus 104 could be an ISA bus a 

20 micro-channel bus, a VESA bus, a PCI bus, or any other system or host bus. 

Biometric sensor 106 is coupled to processor 102 through internal bus 104. 
Biometric sensor 106 senses a biometric feature such as fingerprints, retinas, palm 
prints, irises, feces, signature, or any other biometric attribute or characteristic. 
Although only one biometric sensor is shown in Figure 1, any number of sensors 

25 could be connected to the computer in any combination allowing biometric features 
from more than one portion of a single body or more than one body to be used. 
Biometric sensor 106 generically represents any type of sensor including a camera, 
a fingerprint sensor, a laser based sensor, a pressure sensor to detect a written 
signature, or any other type of sensor that can be used to detect a biometric feature 

30 or attribute. Examples of biometric sensors are described in U.S. Patent 
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Application No. 08/573,100, entitled "Fingerprint Acquisition Sensor," inventors: 
Alexander G. Dickinson, Ross McPherson, Sunetra Mendis and Paid C. Ross, 
filed 12/15/95, U.S. Patent Application No. 08/855,230 entitled "Capacitive 
Fingerprint Sensor with Adjustable Gain," inventors: Alexander G. Dickinson, 
5 Ross McPherson, Sunetra Mendis and Paul C. Ross, filed 5/1 3/97, and U.S. 

Patent Application No. 08/971 ,455 entitled "Automatic Adjustment Processing for 
Sensor Devices," inventors: Anthony P. Russo, and Lawrence O'Gorman, filed 
1 1/17/97. All three applications are commonly owned with the present application 
and all three applications are hereby incorporated by reference. 
1 0 Resource 1 08 operates biometric sensor 1 06 and is coupled to processor 

102 through internal bus 104. Resource 108 includes resource 110 which stores 
enrolled user data. The enrolled user data represents the biometric features of users 
who have been granted access to computer 100. The enrolled user data could be 
stored in any way that can be compared to the data generated by biometric sensor 
15 1 06. One example of a cryptographic storage technique that can be used is 

described in U.S. Patent Application No. 08/857,642 entitled "Identification and 
Security Using Biometric Measurements," inventors: Peter Kelley Pearson, 
Thomas Edward Rowley, and Jimmy Ray Upton filed 5/16/97. 

Resource 1 12 switches processor 102 from a nonenable d state to an enabled 
20 state and is coupled to processor 1 02 through internal bus 1 0 4. In other 

embodiments of the invention, resource 1 10 is not included within resource 108, 
but is a separate resource. In still other embodiments, resources 108, 1 10 and 1 12 \y 
are all combined into one resource, and in still other embodiments biometric sensor 
106 is directly coupled to resource 108. Memory 1 14 is coupled to processor 102 
25 through internal bus 104. Memory 114 may includes system memory, and cache 
memory. 

Computer 100 may also include mass storage device 116, network 
connection 1 18, and/or one or more input/output ("I/O") ports 120. In other 
embodiments of the invention, sensor 106 can be coupled through I/O ports 120 to ^ 
30 internal bus 104. Mass storage device 116 may include, but is not limited to a hard 
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disk drive, a CD ROM drive, or a DVD Drive. Network connection 118 may 
includes but is not limited to an intranet connection, an internet connection, a 
world wide web connection, or any other connection to another computer. 
In one embodiment of the invention, when processor 1 02 is in the 

5 nonenabled state computer programs or applications stored in memory 114, mass 
storage device 1 16 or input through network connection 118 cannot be executed by 
processor 102. In another embodiment of the invention the nonenabled state of the 
processor includes the situation in which an operating system has not been loaded 
into memory 1 14. In another embodiment of the invention, when processor 102 is 

10 in the enabled state computer programs or applications stored in memory 114, 

mass storage device 1 16 or input through network connection 118 can be executed 
by processor 1 02. For a processor in a personal computer, the enabled state of the 
processor includes the situation in which an operating system has been loaded into 
memory 1 14. 

15 In one embodiment of the invention not depicted in Figure 1 , resource 108, 

resource 1 10, and resource 1 12 can be incorporated in a BIOS program stored in a 
BIOS memory or in a BIOS memory. In another embodiment, one or more of 
resources 108, 1 10 and 112 can be incorporated into a memory in biometric sensor 
106 and the remaining resource, if any, incorporated into a BIOS memory or a 

20 BIOS memory extension. 

Figure 2 is a flowchart which depicts the operation of one embodiment of 
the present invention. In step 202 computer 100 is powered on, processor 102 is in 
the nonenabled state, and the computer then proceeds to step 204. In step 204 
resource 108 operates the biometric sensor. In other embodiments of the invention, 

25 step 204 can occur at any time during the start up process of the computer from 
power on step 202 until the processor is switched into the enabled state. In an 
embodiment of the present invention in which the computer is a personal computer 
and resources 108, 1 10, and 1 12 are incorporated into or called by a BIOS program, 
step 204 can occur at any point up until the BIOS loads the operating system. 
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After step 204, thai step 206 is executed. In step 206 resource 108 reads 
data representing a biometric feature from biometric sensor 106. After step 206, 
step 208 is executed. In step 208 the data representing the biometric feature is read 
until the data is meets a preset image quality standard. Optional image 

5 enhancement features may be used at this point such as those described in the U.S. 
Patent Applications "Capacitive Fingerprint Sensor with Adjustable Gain," 
inventors: Alexander G. Dickinson, Ross McPherson, Sunetra Mendis and Paul C. 
Ross, filed 5/13/97, and "Automatic Adjustment Processing for Sensor Devices," 
inventors: Anthony P. Russo, and Lawrence O'Gorman. In other embodiments of 

0 the present invention step 208 may be skipped Next, step 2 1 0 is executed. 

In step 210 resource 108 compares the data read in from the sensor to the fl 
enrolled user data stored in resource 1 1 0. Predefined tolerances defining 
acceptable matches between the data read in from the biometric sensor and the 
enrolled user data can be established. In other embodiments of the invention step 

5 210 includes advanced matching techniques. Advanced matching techniques may 
include but are not limited to image processing, geometric processing, and 
statistical processing. Next step 212 is executed. 

In step 212 if the data read in from the sensor matches the enrolled user data, or if 
it is within the predefined tolerances, then step 214 is executed and resource 1 12 

.0 switches the processor from the none nabled state to the enabled state. In other 

embodiments of the invention, step 214 includes keeping a log of users who access 
the computer, requiring one or more other users to also be verified before the 
processor is enabled, or requiring the user to provide another password which may 
or may not be a biometric password or include biometric information. 

15 If the match at step 212 is not close enough then step 21 6 is executed. At 

step 21 6 if the predefined number of retries has not been reached then the system 
returns to step 206. In other embodiments of the invention, if the match at step 212 
is not close enough then the user is provided with a message indicating that the 
sensor is retrying the process, that the sensor needs to be adjusted or cleaned, or 

(0 any other message which conveys information to the user in order to aid the 
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identification process. If the retry limit has been reached, then step 21 8 is executed 
and the processor remains in the nonenabled state. In other embodiments of the 
invention if the match is not close enough at step 212 then step 218 is executed 
directly, and in effect the retry limit is zero retries. 
5 Figure 3 is a flowchart depicting enrollment of users in accord with an 

embodiment of the present invention. In the case where there are no enrolled users, 
at step 302, a biometric sensor is coupled to a processor of the computer if this has 
not already been done. Next, at step 304 the computer is turned on. Next, at step 
306 the computer toots up normally and the processor is enabled. Next, if either 

10 the enrollment or verification software is not loaded, then at step 308 the missing 
software is loaded into the computer. In one embodiment of the invention, the 
verification software is loaded into the appropriate resources. For example, the 
verification software that operates the biometric sensor is loaded into the resource 
that operates the biometric sensor. In one embodiment of the invention the 

1 5 enrollment software is also loaded into the resource that operates the biometric 
sensor, and in another embodiment of the invention, the enrollment software is 
loaded on to a mass storage device and is run by the computer as an application. 

Next, step 3 1 0 is executed and one or more users are enrolled into the 
system. Figures 4A and 4B represent images of graphical user interfaces in accord 

20 with one embodiment of the present invention. In Figure 4A general dialog box 
402 gives the user an array of configuration choices for the enrollment and 
verification system. Option 404 allows a user to enable the biometric access 
control system. Options 406 and 408 enable optional image and quality 
enhancement resources such as those described in the U.S. Patent Application 

25 entitled "Capacitive Fingerprint Sensor with Adjustable Gain," inventors: 

Alexander G. Dickinson, Ross McPherson, Sunetra Mendis and Paul G. Ross, 
filed 5/13/97, and U.S. Patent Application entitled "Automatic Adjustment 
Processing for Sensor Devices," inventors: Anthony P. Russo, and Lawrence 
O'Gorman, filed. 
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Option 410 allows the maximum a user to set the maximum number of 
users that can be enrolled into the system. Option 412 allows the maximum 
number of retries of the verification cycle to be set. Option 414 allows the user to 
set the match score that will be required in order for data representing a biometric 
5 feature to be considered a close enough match with enrolled data to allow the user 
access to the computer. In the embodiment depicted by the flowchart of Figure 2, 
this option sets the match which will be required in step 212. 

Option 416 allows the user to set the resolution which will be used to 
represent the enrolled user data. In one embodiment, when button 418 is activated, 
10 the configuration choices depicted on the general menu options discussed above 
will be stored in the resource that operated the biometric sensor. Status line 420 
indicates that the biometric sensor is connected to the computer and working 
properly. 

Figure 4B depicts the graphical user interface representing the users 
1 5 enrollment interface 448. A user places a biometric feature on the biometric sensor 
and selects read button 450. The biometric feature is then read by the biometric 
sensor and displayed in box 452. A user can enter a user id at line 454 and a 
password in line 456. Box 458 can be selected to save the data representing the 
user, including the biometric feature and the user id and password. The user's 
20 biometric feature can be designated for use as enrolled user data by selecting add 
button 460. 

A user's enrolled user data can be called up by entering the user's user id 
and password. The data will then appear in box 462. The user's enrolled data can 
be deleted by selecting delete box 464. In one embodiment of the invention, apply 
25 button 466 updates resource 1 1 0 of Figure 1 which stores the enrolled user data. 
OK button 468 also updates resource 110, and additionally closes the graphical 
user interface box depicted in Figure 4B. Cancel button 470 cancels the changes to 
the enrolled user data and closes the graphical user interface box. 

In another embodiment of the invention, users are enrolled into the system 
30 at a secure site and the enrolled user data is loaded into the resource that stores the 



WO 99/47989 



PCT/US99/05218 



enrolled user data. In one embodiment the resource that stores the enrolled user 
data is nonvolatile memory which includes a BIOS program. The nonvolatile 
memory including the BIOS and the enrolled user data can then be incorporated 
into a computer. In yet another embodiment, the resource that operates the 
5 biometric sensor can also be stored in a nonvolatile memory which contains the 
BIOS program. 

In still another embodiment of the invention, users are enrolled into the 
system once access to the computer has been granted to an enrolled user. In this 
embodiment the graphical user interfaces represented by Figures 4A and 4B are 

1 0 operated one the enrolled user gains access to the computer. 

Figure 5 depicts another embodiment of the invention. Computer 500 
comprises central processing unit 502 coupled to bus controller 504. System 
memory and cache 506 is also coupled to bus controller 504. Internal bus 508 is 
coupled to bus controller 504. Internal bus 508 could be an ISA bus a micro- 

1 5 channel bus, a VESA bus, a PCI bus, or any other system or host bus. 

BIOS memory 510 is coujrted to internal bus 508. Figure 5 depicts BIOS 
memory 510 as two components, host BIOS memory 512 and BIOS memory 
extension 514. In other embodiments of the invention, the BIOS memory 
extension is eliminated and the programming stored in BIOS memory extension 

20 5 1 4 is incorporated into host BIOS memory 512. 

Biometric sensor 516 is coupled to internal bus 508. In one embodiment 
biometric sensor 516 includes sensor controller 518 and biometric sensor device 
520. Mass storage device 522, which can include but is not limited to a hard disk 
drive or a floppy disk drive, is coupled to internal bus 508 through mass storage 

25 device controller 524. Other devices which may be coupled to internal bus 508 
include but are not limited to display controller 526 which is coupled to display 
528, keyboard and keyboard controller 530, extra memory 532, and serial and 
parallel ports 534. 

In one embodiment of the invention, the BIOS program stored in host BIOS 
30 memory 512 contains an initial program loader, which could be a bootstrap loader, 
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which loads the BIOS program from the host BIOS memory into system memory 
when the computer is first powered on. The BIOS program then tests and 
initializes the devices connected to the internal bus, including but not limited to the 
system memory, the display, the internal bus, and the keyboard. The BIOS 

5 program then begins loading an operating system or other external software, 

enabling the processor to execute non-BIOS programming. At any point between 
the time the initial program loader loads the BIOS program into the system 
memory and when the processor is enabled, the BIOS program searches for a 
particular numerical signature in a memory location. If the signature is found then 

0 the computer code appearing after the signature is executed. 

Figure 6 depicts a BIOS memory extension in accord with one embodiment 
of the invention. In this embodiment, the BIOS program is searching for the 
signature 55AA. In other embodiments the BIOS program could be searching for 
other numerical signatures. This signature appears at 602 at the top of the BIOS 

5 memory extension. Memory location 604 contains manufacturer and version 
information for biometric sensor 516. Location 606 contains configuration 
defaults for biometric sensor 516. These configuration defaults may include those 
entered using the graphical user interfaces of Figures 4A and 4B. Memory location 
608 contains enrolled user data. Memory location 610 contains the programming 

0 that operates the biometric sensor and allows it to read in the data representing the 
biometric feature and enhance the image if required. Memory location 612 
contains the programming that compares the data read in from the biometric sensor 
to the enrolled user data. 

In another embodiment of the invention, the information and computer 

5 code depicted in Figure 6 is stored in the host BIOS memory. In yet another 
embodiment of the invention, the information and computer code depicted in 
Figure 6 and the BIOS program stored in the host BIOS are both stored in the 
central processing unit. In another embodiment of the invention the information 
and computer code depicted in Figure 6 and the BIOS program stored in the host 

0 BIOS are both stored in nonvolatile memory in the biometric sensor. 
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The foregoing description of embodiments of the present invention are 
presented for the purposes of illustration and description only. They are not 
intended to be exhaustive or to limit the invention to the forms disclosed. Many 
modifications and variations will be apparent to practitioners skilled in the art. It is 
5 intended that the scope of the invention be defined by the following claims and 
their equivalents. 
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WHAT IS CLAIMED IS : 

L A computer for integrated biometric access control, comprising: 
a processor; 

5 a biometric sensor, the biometric sensor being coupled to the 

processor; 

a resource that operates the biometric sensor, the resource being 
coupled to the biometric sensor; and 

a resource, coupled to the processor, that switches the processor 
1 0 from a nonenabled state to an enabled state after operation of the resource 

that operates the biometric sensor. 

2. The computer of claim 1 , wherein the enabled state of the processor 
includes an operating system loaded into a memory. 

15 

3. The computer of claim 1, wherein the enabled state of the processor 
includes loading a program from a mass storage device connected to the computer 
into a memory connected to the computer. 



20 4. The computer of claim 1 , wherein the enabled state of the processor 

includes loading a program from a network connected to the computer into a 
memory connected to the computer. 

5 . The computer of claim 1 , wherein the processor in the nonenabled 
25 state cannot load an operating system. 

6. The computer of claim 1 , wherein the resource that operates the 
biometric sensor includes a resource that reads data from the biometric sensor, and 
the data represents a biometric feature. 

30 
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7. The computer of claim 6, wherein the biometric feature includes a 
fingerprint 

8. The computer of claim 1, wherein the biometric sensor is coupled to 
5 the processor by an internal bus. 



9. The computer of claim 1 , wherein the resource that operates the 
biometric sensor includes a resource that stores enrolled user data. 

10 10. The computer of claim 6, wherein the resource that reads data from 

the biometric sensor includes a resource that automatically determines a set of 
default settings for the data representing the biometric feature. 

1 1 . The computer of claim 6, wherein the resource that operates the 
15 biometric sensor includes a resource that attempts to compare the data from the 

biometric sensor to information stored in the computer. f 

12. The computer of claim 1 1 , wherein the resource that attempts to 
compare the data from the biometric sensor to information stored in the computer 

20 includes a resource that attempts to validate a user identity. 

1 3 . The computer of claim 1 , wherein the biometric sensor includes a 
capacitive fingerprint sensor. 

25 14. The computer of claim 1 , comprising a BIOS memory including a 

BIOS program wherein the BIOS memory includes the resource that operates the 
biometric sensor. 
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1 5. The computer of claim 1 4, wherein the BIOS memory includes a 
BIOS memory extension and the BIOS memory extension includes the resource 
that operates the biometric sensor. 

5 1 6. A computer for integrated biometric access control, comprising: 

a processor; 

an internal bus, the internal bus being connected to the processor, 

and 

a biometric sensor for controlling access to the computer, the 
1 0 biometric sensor being connected to the internal bus. 

17. The computer of claim 16, wherein the biometric sensor includes a 
resource that reads biometric information from the biometric sensor. 

15 18. The computer of claim 1 7, wherein the biometric information 

includes information representing a fingerprint. , 

19. The computer of claim 1 6, wherein the biometric sensor includes a 
resource that operates the biometric sensor before loading an operating system. 

20 

20. The computer of claim 1 9, wherein the resource that operates the 
biometric sensor includes a resource that stores enrolled user data. 

2 1 . The computer of claim 1 9, wherein the resource that operates the 
25 biometric sensor includes a resource that reads data from the biometric sensor, and 

the data represents a biometric feature. 

22. The computer of claim 21 , wherein the resource that reads data from 
the biometric sensor includes a resource that automatically determines a set of 

30 default settings for the data representing the biometric feature. 
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23 . The computer of claim 1 9, wherein the resource that operates the 
biometric sensor includes a resource that attempts to compare the biometric 
information from the biometric sensor to information stored in the computer. 

5 

24. The computer of claim 23, wherein the resource that attempts to 
compare the biometric information from the biometric sensor to information stored 
in the computer includes a resource that attempts to validate a user identity. 

10 25. The computer of claim 16, wherein the biometric sensor includes a 

capacitive fingerprint sensor. 

26. The computer of claim 16, comprising a parallel port connected to 
the bus. 

15 

27. The computer of clajm 16, comprising a BIOS memory, including a 
BIOS program, the BIOS memory including a resource that initiates operation of 
the biometric sensor. 

20 28 . A method of integrated biometric authentication for access to a 

computer, the method comprising: 

reading data representing a biometric feature; and 
attempting to authenticate the biometric feature before loading an 
operating system. 

25 

29. The method of claim 28, wherein loading the operating system 
includes reading at least a portion of the operating system from a disk. 
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30. The method of claim 28, wherein loading the operating system 
includes reading at least a portion of the operating system from a network 
connection. 

5 31. The method of claim 28, wherein reading data includes 

automatically determining a set of default settings for the data representing the 
biometric feature. 

32. The method of claim 28, comprising storing data representing the 
10 biometric feature in a memory in the computer. 

33. The method of claim 28, comprising loading the operating system 
after attempting to authenticate if attempting to authenticate is successful. 

1 5 34. The method of claim 28, comprising not loading the operating 

system after attempting to authenticate if attempting to authenticate is* 
unsuccessful. 

35. The method of claim 28, wherein attempting to authenticate 

20 includes comparing the data representing the biometric feature to enrolled user 
data. 

36. The method of claim 28, wherein the biometric feature includes a 
fingerprint 

25 

37. A method of integrated biometric authentication for access to a 
computer, the computer including a processor, and the processor having an enabled 
state and a nonenabled state, the method comprising: 

reading data representing a biometric feature; and 
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attempting to authenticate the biometric feature before switching the 
processor from the nonenabled state to the enabled state. 

38. The computer of claim 37, wherein the enabled state of the 
5 processor includes an operating system loaded into a memory. 

39. The computer of claim 37, wherein the enabled state of the 
processor includes loading a program from a mass storage device connected to the 
computer into a memory connected to the computer. 

10 

40. The computer of claim 37, wherein the enabled state of the 
processor includes loading a program from a network connected to the computer 
into a memory connected to the computer. 

15 41 . The computer of claim 37, wherein the processor in the nonenabled 

state cannot load an operating system. , 

42. The method of claim 37, wherein reading data includes 
automatically determining a set of default settings for the data representing the 

20 biometric feature. 

43. The method of claim 37, comprising storing data representing the 
biometric feature in a memory in the computer. 

25 44. The method of claim 37, wherein the switching the processor from 

the nonenabled state to the enabled state after attempting to authenticate occurs if 
attempting to authenticate is successful. 
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45, The method of claim 37, comprising not switching the processor 
from the nonenabled state to the enabled state after attempting to authenticate 
occurs if attempting to authenticate is unsuccessful. 

5 46. The method of claim 37, comprising maintaining the processor in 

the nonenabled state after attempting to authenticate occurs if attempting to 
authenticate is unsuccessful. 

47. The method of claim 37, wherein attempting to authenticate 

1 0 includes comparing the data representing the biometric feature to enrolled user 
data. 

48. The method of claim 37, wherein the biometric feature includes a 
fingerprint. 

15 

49. A method of enrolling a user in an integrated biometric 
authentication system for access to a computer, the method comprising: 

reading data representing a biometric feature; and 
storing the data in nonvolatile memory in the computer. 

20 

50. The method claim 49, comprising automatically determining a set of 
default settings for the data representing the biometric feature. 

51. The method claim 49, wherein the nonvolatile memory includes a 
25 BIOS memory, the BIOS memory including a BIOS program. 

52. The method claim 49, comprising storing biometric authentication 
software in the nonvolatile memory. 
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53. The method claim 52, wherein storing biometric authentication 
software in the nonvolatile memory includes storing a verification program in the 
nonvolatile memory. 

5 54. The method claim 49, comprising a biometric sensor, the biometric 

sensor including nonvolatile memory. 

55. A computer for integrated biometric access control, comprising: 
a processor; 

10 a bus controller, the bus controller being connected to the processor; 

a bus, the bus being connected to the bus controller; 

a BIOS memory, the BIOS memory including a BIOS program, the 
BIOS memory being connected to the bus; 

a BIOS memory extension, the BIOS memory extension being 
15 connected to the bus; and 

a biometric sensor, the biometric sensor being connected to the bus. 

56. The computer of claim 55, comprising a parallel port connected to 
the bus. 

20 

57. The computer of claim 55, wherein the BIOS memory extension 
includes a resource which reads biometric information from the biometric sensor. 

58. The computer of claim 56, wherein the biometric information 
25 includes information representing a fingerprint. 

59. The computer of claim 55, wherein the BIOS memory extension 
includes a resource that operates the biometric sensor before loading an operating 
system. 

30 
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60. The computer of claim 59 wherein the resource that operates the 
biometric sensor includes a resource that stores enrolled user data. 

61 . The computer of claim 60, wherein the resource that operates the 

5 biometric sensor includes a resource that reads data from the biometric sensor, and 
the data represents a biometric feature. 

62. The computer of claim 6 1 , wherein the resource that reads data from 
the biometric sensor includes a resource that automatically determines a set of 

10 default settings for the data representing the biometric feature. 

63 . The computer of claim 59, wherein the resource that operates the 
biometric sensor includes a resource that attempts to compare the biometric 
information from the biometric sensor to information stored in the BIOS memory. 

15 

64. The computer of claim 63, wherein thq resource that attempts to 
compare the biometric information from the biometric sensor to information stored 
in the BIOS memory includes a resource that attempts to validate a user identity. 

20 65. The computer of claim 55, wherein the biometric sensor includes a 

capacitive fingerprint sensor. 

66. A computer for integrated biometric access control, comprising: 
a processor; 

25 a bus, the bus being connected to the processor, 

a BIOS memory, the BIOS memory including a BIOS program, the 

BIOS memory being connected to the bus; 

a biometric sensor for sensing a biometric feature of a user, the 

biometric sensor being connected to the bus; and 
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a means for authenticating the biometric feature of the user before 
loading an operating system. 

67. The computer of claim 66, wherein the means for authenticating 
5 includes a means for reading biometric information from the biometric sensor. 

68. The computer of claim 67, wherein the biometric information 
includes information representing a fingerprint. 

1 o 69. The computer of claim 67, including a means for storing enrolled 

user data. 

70. The computer of claim 66, wherein the biometric sensor includes a 
capacitive fingerprint sensor. 

15 

71 . A computer foj integrated biometric access control, comprising: 
a user input, the user input having a biometric sensor; 

a processor, the processor having an enabled state and a nonenabled 
state, and the processor being coupled to the biometric sensor; and 
20 a BIOS memory including a BIOS program, the BIOS memory 

having a resource that responds to the user input and for a valid user input 
the processor changes from the nonenabled state to the enabled state. 

72. The computer of claim 71, wherein the user input includes a power 

25 switch. 
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